Share this story

Do people read online privacy policies? Of course not. But if they did read them at least once a year, it would take an average of 10 minutes per policy and cost $365 billion in lost leisure and productivity time.

"The Cost of Reading Privacy Policies" poses the question, "If website users were to read the privacy policy for each site they visit just once a year, what would the loss of their time be worth?" The mean length of privacy policies from the web's most popular sites was 2,514 words, long enough to induce eyestrain even in the biggest privacy nerd (and one policy from the sample went as high as 7,669 words).

When multiplied across the major sites that most users visit in a year, it's clear that getting a good sense of what web sites are doing with personal information could consume a good chunk of one's time. In fact, the authors estimate that it could take anywhere from 16 to 444 hours per person per year, with most Americans needing a full 200 hours to get through everything.

This sort of time cost has obvious economic impacts, which the authors estimate at nearly $3,000 per person per year—or $365 billion for the entire country.

Because most people don't read such policies anyway, this number has no real correlation to any US economic loss. Instead, it serves as a warning about their sheer mind-flattening impenetrability. The answer, in the authors' view, isn't to somehow convince people to read such policies, but to make privacy easier to understand.

"Some corporations take the view that their users should read privacy policies and if they fail to do so, it is evidence of lack of concern about privacy," they write. "Instead, we counter that websites need to do a better job of conveying their practices in useable ways, which includes reducing the time it takes to read policies. If corporations cannot do so, regulation may be necessary to provide basic privacy protections."